Democratic National Committee Punishes Bernie Sanders For Their Own Technical Mistake; Sanders Threatens To Sues

from the turmoil dept

There's a bizarre story about potential computer hackery this morning, involving the Democratic National Committee and the campaigns of Bernie Sanders and Hillary Clinton -- the two front runners on the Democratic side. Apparently, the DNC was doing some sort of upgrade to its computer systems, and in the process, there was a glitch that very briefly allowed a Sanders staffer, "data director" Josh Uretsky, to access confidential data from Hillary Clinton's campaign -- specifically confidential voter information gathered by Clinton's campaign. Uretsky realized he was able to access the data and did so -- and has apparently since been "fired." In response, the DNC has completely cut off all access to its systems to the Sanders' campaign, saying it won't allow the campaign back in "until it provides an explanation as well as assurances that all Clinton data has been destroyed."

Yes, accessing a competitor's data seems questionable, but again remember that the mistake here appears to be because of the DNC itself -- or, rather, its computer system vendor NGP VAN. If there's a problem, the DNC should take it up with NGP VAN who fucked up and made the data available across campaigns. That's a pretty big mistake, given the stakes. But to blame the Sanders campaign seems pretty questionable. Yet, the DNC apparently has decided to go full bore against the Sanders campaign instead of admitting to its own error:

DNC chair Debbie Wasserman Schultz weighed in with a statement of her own.

"Once the DNC became aware that the Sanders campaign had inappropriately and systematically accessed Clinton campaign data, and in doing so violated the agreement that all the presidential campaigns have signed with the DNC, as the agreement provides, we directed NGP VAN to suspend the Sanders campaign's access to the system until the DNC is provided with a full accounting of whether or not this information was used and the way in which it was disposed," she said.

“The Sanders campaign doesn’t have anything other than bluster at the moment that they can put out there,” she told CNN on Friday. “It’s like if you found the front door of a house unlocked and someone decided to go into the house and take things that didn’t belong to them.”

To some extent, this sounds like the ridiculous legal fights over the CFAA, over what is and what is not "exceeds authorized access" (just wait until the DNC files CFAA claims against the Sanders campaign...). But separate from that, it really looks like the DNC is not just playing favorites with the Clinton campaign here, but so actively trying to blame its own technical failures on the Sanders campaign as to make itself look ridiculous.

Update: Well, that didn't take long. The Sanders campaign has sued the DNC alleging breach of contract (Sanders and the DNC have a contract allowing the campaign access to the system) as well as negligence for letting NGP VAN screw things up so badly.

Re: Re:

Re: Baited

If you are a taste tester for a cake company and someone opens the oven door your job is to taste the cake. Ut Oh gotcha.But as I understand it no info could be removed from the data base. With an exemplary historical record, Bernie Sanders fired the person for looking at the info opened to him. Names and timing make this a very convenient occurrence for the opposition.

It seems as though Bernie Sanders was running solely to make it look like Hillary Clinton was fighting for the nomination. Now that it is getting to the point he's not needed anymore, we'll start to see more of these types of stories, effectively pushing out the mainstream of the Democratic Party in favor of the "anointed" one.

Political parties, the definition of dirt

They gerrymander election districts. They filter potential candidates. They strong arm elected officials to toe the party line, even when it goes against the electorate. They organize dirty tricks to support their officially sanctioned candidates. The list of dirty deeds goes on and on.

Now they screw up and instead of accepting responsibility, they point fingers. Yet another reason to get rid of political parties all together.

Re: Re: Re: Political parties, the definition of dirt

Wrong, the citizens are the people that the political gangs want to rule. Most people have little interest in politics beyond having the roads maintained, the rubbish collected, and a police force and army to protect them. This is why the political gangs are so successful, most people sort of tolerate their existence.

Re: Re: Re: Re: Political parties, the definition of dirt

I won't argue with you about the existence of apathy, but we the people are the government, were just lax in exercising our responsibilities. That we let your 'gangs' get away with what they get away with is just an expression of that apathy. The possibility that without those 'gangs' that apathy might be less apparent because then the governed might actually have to govern on an ongoing basis.

There was more than one founding father that spoke against political parties.

Re: Re: Re: Re: Re: Re: Political parties, the definition of dirt

Both of those systems talk about political parties. I am suggesting that we have NO political parties, actually make them illegal. Not sure if the issues raised by those videos remain or not.

In order for my vision to work, the government would have to pay for elections, a drop in the bucket compared to NSA's budget. This would eliminate all campaign fund raising and leave candidates to discuss issues. Since no money is needed for candidates to run, the elite don't have a leg up, and the 'corporate people' have less impact because their money matters less, or better should be outlawed. I don't believe that corporations have first amendment rights, nor should they.

Re: Re: Re: Re: Re: Re: Re: Political parties, the definition of dirt

I don't believe that corporations have first amendment rights, nor should they.

Well, I don't think corporations should be able to contribute to campaigns if there's going to be a donation limit for individuals (for the same reasons that individuals are limited to 1 vote each and corporations can't vote), but they do, and should, have First Amendment rights (well, it's really the rights of the people who control the corporation.)

The NRA is a corporation; to say that they have no First Amendment rights is to deny the First Amendment rights of those members who came together for a cause. Same for the NAACP or the ACLU or the EFF. Heck, "Bernie 2016 Inc." is a corporation.

And it's not just a for-profit vs nonprofit thing. The New York Times is a for-profit corporation; to say they have no First Amendment rights is to deny that freedom of the press even exists. And we can't just have an exception for media companies; we do NOT want the situation where you need to buy an entire media company in order to have a say.

In order for my vision to work, the government would have to pay for elections, a drop in the bucket compared to NSA's budget.

Total campaign spending in a presidential election year might be less than the NSA's budget, but not by that much, and is certainly more than a "drop in the bucket" in comparison. It's not just the presidential campaign; it's about 33 Senate and 435 House elections, not to mention various governors, other state offices, and local elections. It's in the billions. (Although maybe you envision a federal law that leaves state and local elections as they are.)

If you publicly fund campaigns, that will necessitate a large drop in campaign spending, unless we really want to let each candidate spend over $100 million. Right now, the budget of a candidate depends on what he can convince people to give him. If you have total public financing, how do we decide who gets how much? What's to prevent me from running, appointing all my friends and family as campaign staff, and running a non-serious campaign while they cash in? Heck, that's already a problem, but at least now you need to convince people to donate in order to do that.

This would eliminate all campaign fund raising and leave candidates to discuss issues.

You seriously think they'd discuss issues if only things were financed differently? Heck, right now, I'm sure the various campaigns are giving speeches about issues on pretty much a daily basis. If a candidate spends 4 hours talking about issues, 5 minutes blasting another candidate, and 15 seconds saying something stupid, guess what gets put on the news. (Well, actually that depends on how much the news likes the candidate.)

OK, you make a reasonable argument for corporations to have first amendment rights, though I find the newspaper one more persuasive. But since they cannot vote, when it comes to elections their speech should be limited to endorsements and those endorsements should clearly state that they are from the board of directors or whatever and not necessarily all of the employees or members or stockholders.

There should be no ability for those corporations to spend money to influence elections, since they cannot vote why should they be able to outspeak individuals. Money should not be speech simply because it silences those without money. Every voter should have an equal opportunity to speak and be heard. It should not be up to how much money you control to impact your ability to be heard. In fact, in a government pays system, all other election related spending should be outlawed.

Let the electorate set the agenda (AKA platforms) let the candidates position themselves as to those issues.* Then set up a process where the people can govern without giving up their full time endeavors whether they be careers or families or other. Send representatives who are accountable to their electorate, not some rich third party. Make all of those jobs including life tenured jobs be impeachable for cause, including failing to uphold the oath of office, with every citizen having standing to initiate, but some reasonable methodology to prevent ridiculousness or sore loser syndrome.

I believe democracy can work, even if it is in a capitalist economic system. We just haven't found the right formula yet.

*(I do believe that we can create an internet based voting/communication system that is at least as secure as what we have now, and maybe better. Let it be open sourced and patent free hardware and software. Put it out on the internet for several levels of alpha and beta testing and inspection. Beat it up. Break it. Then fix it again. Let it be designed in such a way that when flaws are found they are correctable. Let it be both audit able and insure privacy. Let it be encrypted where appropriate.)

Seriously flawed analogy

'“It’s like if you found the front door of a house unlocked and someone decided to go into the house and take things that didn’t belong to them.”'

That's not at all what it sounds like, based on the reports I've read. (And I don't care at all about either candidate.)

Here's a better analogy:

You (Sanders) and your neighbor (Clinton) live in a duplex that shares a front door to an antechamber that houses the doors to both of your abodes. You find that the front door lock is broken, so you test the front doors to your and your neighbors house in order to assess the extent to which everyone's security has been compromised. You find that the locks on all 3 doors are broken, so you report it to your landlord (Schultz).

And then your landlord gets pissed at you, locks you into your house, and throws away the key.

Re: Seriously flawed analogy

You (Sanders) and your neighbor (Clinton) live in a duplex that shares a front door to an antechamber that houses the doors to both of your abodes. You find that the front door lock is broken, so you test the front doors to your and your neighbors house in order to assess the extent to which everyone's security has been compromised. You find that the locks on all 3 doors are broken, so you report it to your landlord (Schultz).

And then your landlord gets pissed at you, locks you into your house, and throws away the key.

Absolutely. Though I am not sure that the landlord was even notified in this case (none of the articles I've read have indicated that Sanders' team has notified the DNC about the flaw, but that may just be bad reporting, since they were made aware of it somehow.)

Uretsky told CNN Friday morning that he and others on the campaign discovered the software glitch Wednesday morning and probed the system to discover the extent of their own data’s exposure. He said there was no attempt to take Clinton information but said he took responsibility for the situation.

“We investigated it for a short period of time to see the scope of the Sanders campaign’s exposure and then the breach was shut down presumably by the vendor,” he told CNN. “We did not gain any material benefit.”

Weaver said the Sanders campaign never downloaded or printed any of the data, meaning it is no longer in possession of any proprietary information. He squarely blamed NGP VAN for the glitch — and blamed the DNC for hiring the company.

It sounds like they discovered it, probed it to find out what was broken/how much access they had, but were cut off before they could do much.

Stu Trevelyan, the chief executive of NGP-VAN, told the Guardian: “The security and privacy of our customers’ data is our top priority. This was an isolated incident where as the result of a software patch, for a brief window, the voter data that is searchable across campaigns in VoteBuilder included specific data points it should not have, on a specific part of the system.”

I really despise it when companies are allowed to say this with impunity. If the security and privacy of your customers' data was your top priority, why did you allow anyone with access to the system to access the data without protections in place?

I also can't stand the "front door is unlocked, someone goes in and helps themselves" mantra either... It is always used to beat up security researchers too...we discover a flaw, and immediately someone (usually the company who hasn't even done due diligence,) throws out this trope. While in this case, it is far more apropos since the staffer accessed data he shouldn't have, it shouldn't be used to assassinate the messenger just because they found you exposed.

So the initial poking around could have merely been curiosity, seeing what all was available to judge the scope of what was most likely available to the other campaigns. While the stories say 4 people total accessed it 3 at the direction of the fired person, one would be curious if it was deeply digging or if it was a omg look at this!! I wonder if they can see out data too!

One does hope that the audit, that should be happening, covers all of the times they vendor screwed up. I do hope that if they discover a Clinton staffer looked at anything from the other side that they face the same sorts of outrage and being cut off. Equal enforcement would be key in proving that you aren't trying to steer your favored candidate over someone who thinks they are competing on even ground.

My question is how can they tell the Saunders people took data, or was merely seeing it enough to make that misleading claim. It is one thing to say they saw data they shouldn't have it is another to claim they took it, and if she is basing that statement from anything provided by the vendor who has a history of screwing things up she might find herself out on a limb and having to apologize for putting her faith in a vendor who screws up regularly.

The DNC is full of crap

I've used this software (VoteBuilder). When you conduct a search, it returns a (downloadable) set of results that match the criteria, e.g.,. "all registered Democrats in zip code 12345". And as noted here:

This was an isolated incident where as the result of a software patch, for a brief window, the voter data that is searchable across campaigns in VoteBuilder included specific data points it should not have, on a specific part of the system.

What happened was that the screwup on the part of the vendor allowed the software to return search results that it normally wouldn't. In other words, the person running the search did nothing wrong or different from anything they'd previously done: they just got a lot more back this time, and probably saved it in order to try to figure out WHY that was the case.

This is not a case of hacking. This isn't even a case of unauthorized access. This is a case of a vendor security fuckup causing an overly-inclusive data set to be returned. And the Debbie Wasserman Schultz, who has done everything she possibly could to rig the process for Clinton, is LYING about it.

I wouldn't be surprised if a Climton staffer used the same glitch, and the DNC is taking this convenient opportunity to throw up a smokescreen and attempt to undermine the Sanders campaign at the same time.

Sanders is calling their bluff, and my guess is they'll back down quietly.

This is such bullshit. The DNC is totally trying to fuck the Sanders campaign. Saturday night debates? Really? If anything, no one should be allowed to access any information until this is resolved.

The blame is 100% on the vendor. If their front-end OpSec is this terrible, imagine what the back end is like. I would be willing to bet dollars to doughnuts Hillary's grey hats have accessed as much or more of Sanders' data but where smart (or sleazy) enough to hide their tracks.

Who patches their systems during the workday?

1. Why wasn't the data silo-ed and air gapped etc??? I mean their will always be an error if an error occurs why have it be in a way that those that are being kept out instantly have access.

2. As the data "guy" isn't it his responsibility to learn as much as possible about how the competition is working. I mean he might not have been gathering any useful data that the campaign could use as in John Doe or Mary Jane data... but data on how he can be doing his job better filtering analyzing etc.. He is working with a very proprietary system and has few other ways to learn about how people use it than to look at basically the competition

3.Sadly it's well known that Wasserman Schultz has manipulated the DNC nominating process to benefit Clinton with the way the debates were numbered and done and more...

Irresponsible

Oh please. So sick of Berniebro-tecchie whining. Bernie's campaign got caught with its hands in the cookie jar. Glitch or not, nobody made them use the glitch to access the data then lie and claim only one user accessed it when really it was four.

That said, Hilary should disown all of this by declaring that neither she nor the American people care about Bernie's d---m data breach. Because we all -- or should be -- focused on the issues. The probably is Bernie's manaical cult is focused on playing the victim and tantruming with a chip on their shoulder. As every athlete knows, the only team that whines about the refs is the losing team.

Hillary suffered months of unfair press and falling poll numbers due to the Emailghazi nonsense. She fought back and bounced back, like Americans do. If Bernie can't handle the heat, he can't be an American President. His campaign should do him a favor. come clean, and fire all FOUR staffers involved.

Re: Irresponsible

I'll let Hillary off for the email debacle after she does time like the last "little person" to be caught doing the same thing. As long as Hillary stands for "Laws are for Little People" as opposed to EVERYBODY, she can suck donkey dong.

Pebcak error for POTUS.

So you got Pwnd by a mistake at the DNC. And you think it's a good thing to say that in public? Have you MET these people? And you didn't expect this?

You do realize that dealing with computer based espionage has been, and will be for the forseeable future, a significant part of international politics? And THIS is the example you want to put in front of the press?

"Oh, I don't understand all that email stuff." --HRC

It isn't about ideals anymore. It is about aristocracy. Overturn Citizens United. Reinstated Glass Steagall. Bust the Trusts.

NGP VAN was founded by Clinton's '08 campaign tech chief. This same "error" happened before and Sanders people alerted the DNC. Looks like this time they tried to see what their exposure risk was and got caught up - possibly in a deliberate trap. Doing a typical voter search would have returned Sanders plus the accidental Clinton data. Sounds like his data chief then clicked it (downloading) to see if the data was downloadable and what it included to assess their own exposure risk. If they had simply reported it its unlikely Debbie would have done an audit or investigation (she still won't here!) just like she didn't last time. If the data chief didn't download the files he would not have proven the significance of this (and the first) glitch. That evidence would give them cause to demand an audit - which might be why debbie is being so beligerent. Too much manuveuring and jockeying by team DNC to not be a set up.

If a senior Sanders staffer screwed up badly enough to be fired, the question is the remedy

The complaint appears to acknowledge that several staffers viewed data that they should not have viewed, and that one staffer -- a very senior staffer, I gather -- did so often enough that the campaign felt that firing him was the appropriate response. In those circumstances, the lawsuit is over whether the campaign's misconduct -- misconduct by a senior staffer -- is properly addressed by a temporary loss of access.

I have to say I am not sure that this is an attractive claim for relief, although of course it depends on the entire language of the contract, and the complaint only cites excerpts of the contract.

Wouldn't put DWS, DNC, HRC, WJC, NGP VAN past faking logs. Corroborating evidence along with the logs or they are suspect. Incompetence at upgrades suggests incompetence at forensics. If the logs were evidentiary, why would they be shared with the press so readily. It's a total hatchet job.

If Sanders stands a chance he needs to judo this one on DWS & HRC. They are looking for a knockout punch but Hill has a weak link when it comes to data security. To hell with the emails may backfire on her if these alleged logs don't hold up.

The only thing the DNC knows is what NGP VAN tells them?

Debbiee Wasserman Schultz on MSNBC:

"Until I am fully advised by independent experts how best to approach this as quickly as possible, the only available remedy for us is to make sure that we can not have the information manipulated, and the only way we can do that is to temporarily suspend access to the voter file."

1. Hardware is cheap. There is no excuse for the campaigns not to have been mutually isolated at a hardware level.

2. There is no excuse for the DNC to not have control over its own data. If data is subordinate, relationships are subordinate, and this isn't the NGP VAN party.

It is the same with the DNC as it is with all of the candidates. You have people who really don't understand the role of modern technology is the modern economy, making decisions about both.

The difference is that with Bernie, the aristocracy gets separated so they can't bully as many kids on the playground. Or more succinctly: there is less moral hazard created by techno-dilettante-ism.

You can't float an idea through an icecap of bigotry. And it IS bigotry. The southern states wanted to constrain the civil rights of blacks in the 50's. The appetites of the modern aristocracy are less narrow.

dnc f up

I first saw this last night on RNS. When Rachel was talking about it there was a comment flashed on the screen. It was only on for a moment but I noticed the way it was worded. It said that the firewall had gone down "again". No other mention was made by anyone about the other time(s) this happened, or what had happened then. Anyone else hear anything about this?

Re: Who patches their systems during the workday?

Short answer: Anyone whose job it is to patch the system.

Every day is a "workday" for somebody. You can bet your ass that this is true for both campaigns involved, as well as for WTF POS VAN (or whatever those incompetent shoot-the-messenger assholes' name is).

The same people who don't like us "whining" about encryption and privacy... with arguments like "encryption is used by terrorists" and "if you've done nothing wrong, you've got nothing to hide"... are now victims of a failure of security and encryption.

You would think they could reconsider their positions...But that would not account for their higher-class mentality: they have rights that you don't. They have the right to privacy, protection by encryption, presumption of innocence...You have the right to give them whatever they want, be it data, money, votes...

A "democracy" in name only. A pretense of "equal rights". But at least you have bread and games. :)